LEXTRACE("INCLUDEDIR\n");
/*
- * Push current buffer and switch to include file.
- * We simply ignore empty directories.
+ * Push current buffer and switch to include file,
+ * ignoring missing or empty directories.
*/
if (!push_includedir(path))
yyterminate();
debug_return;
}
+/*
+ * Open an include file (or file from a directory), push the old
+ * sudoers file buffer and switch to the new one.
+ * A missing or insecure include dir is simply ignored.
+ * Returns false on error, else true.
+ */
static bool
push_include_int(char *path, bool isdir)
{
SLIST_INIT(&istack[idepth].more);
if (isdir) {
struct stat sb;
- int count;
- switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) {
- case SUDO_PATH_SECURE:
- break;
- case SUDO_PATH_MISSING:
- debug_return_bool(false);
- case SUDO_PATH_BAD_TYPE:
- errno = ENOTDIR;
- if (sudoers_warnings) {
+ int count, status;
+
+ status = sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb);
+ if (status != SUDO_PATH_SECURE) {
+ if (sudoers_warnings) {
+ switch (status) {
+ case SUDO_PATH_BAD_TYPE:
+ errno = ENOTDIR;
sudo_warn("%s", path);
- }
- debug_return_bool(false);
- case SUDO_PATH_WRONG_OWNER:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_WRONG_OWNER:
sudo_warnx(U_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid);
- }
- debug_return_bool(false);
- case SUDO_PATH_WORLD_WRITABLE:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_WORLD_WRITABLE:
sudo_warnx(U_("%s is world writable"), path);
- }
- debug_return_bool(false);
- case SUDO_PATH_GROUP_WRITABLE:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_GROUP_WRITABLE:
sudo_warnx(U_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid);
+ break;
+ default:
+ break;
}
- debug_return_bool(false);
- default:
- /* NOTREACHED */
- debug_return_bool(false);
+ }
+ /* A missing or insecure include dir is not a fatal error. */
+ debug_return_bool(true);
}
count = switch_dir(&istack[idepth], path);
if (count <= 0) {
debug_return_bool(true);
}
+/*
+ * Restore the previous sudoers file and buffer, or, in the case
+ * of an includedir, switch to the next file in the dir.
+ * Returns false if there is nothing to pop, else true.
+ */
static bool
pop_include(void)
{
LEXTRACE("INCLUDEDIR\n");
/*
- * Push current buffer and switch to include file.
- * We simply ignore empty directories.
+ * Push current buffer and switch to include file,
+ * ignoring missing or empty directories.
*/
if (!push_includedir(path))
yyterminate();
debug_return;
}
+/*
+ * Open an include file (or file from a directory), push the old
+ * sudoers file buffer and switch to the new one.
+ * A missing or insecure include dir is simply ignored.
+ * Returns false on error, else true.
+ */
static bool
push_include_int(char *path, bool isdir)
{
SLIST_INIT(&istack[idepth].more);
if (isdir) {
struct stat sb;
- int count;
- switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) {
- case SUDO_PATH_SECURE:
- break;
- case SUDO_PATH_MISSING:
- debug_return_bool(false);
- case SUDO_PATH_BAD_TYPE:
- errno = ENOTDIR;
- if (sudoers_warnings) {
+ int count, status;
+
+ status = sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb);
+ if (status != SUDO_PATH_SECURE) {
+ if (sudoers_warnings) {
+ switch (status) {
+ case SUDO_PATH_BAD_TYPE:
+ errno = ENOTDIR;
sudo_warn("%s", path);
- }
- debug_return_bool(false);
- case SUDO_PATH_WRONG_OWNER:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_WRONG_OWNER:
sudo_warnx(U_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid);
- }
- debug_return_bool(false);
- case SUDO_PATH_WORLD_WRITABLE:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_WORLD_WRITABLE:
sudo_warnx(U_("%s is world writable"), path);
- }
- debug_return_bool(false);
- case SUDO_PATH_GROUP_WRITABLE:
- if (sudoers_warnings) {
+ break;
+ case SUDO_PATH_GROUP_WRITABLE:
sudo_warnx(U_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid);
+ break;
+ default:
+ break;
}
- debug_return_bool(false);
- default:
- /* NOTREACHED */
- debug_return_bool(false);
+ }
+ /* A missing or insecure include dir is not a fatal error. */
+ debug_return_bool(true);
}
count = switch_dir(&istack[idepth], path);
if (count <= 0) {
debug_return_bool(true);
}
+/*
+ * Restore the previous sudoers file and buffer, or, in the case
+ * of an includedir, switch to the next file in the dir.
+ * Returns false if there is nothing to pop, else true.
+ */
static bool
pop_include(void)
{
projects / sudo / commitdiff